Re: wrt joao damas' DLV talk on wednesday

From: william(at)elan.net

Date: Mon Jun 12 18:50:50 2006

On Mon, 12 Jun 2006, Randy Bush wrote:

what is the security policy that isc plans to use over the
content of the isc dlv registry? and how will the dlv trust
key roll-over and revocation be handled?
if the above can not be very clearly answered (by isc?), then this
proposal is techno-political hubris at best.

yes, or an interesting proof-of-concept that can be taken up and
completed by someone else.

actually, i suspect that the issues of dlv are exactly those of
iana root signing, key management and tld signature policy. and
hence dlv is hoisted on the same petard it attempts to avoid, and
then devolves to a simple power play of isc vs iana with neither
having a good answer to the real technical and security issues.

Unless I misunderstood, the issues are not some kind of power play but
that in order to use DNSSEC right now you need to be within the zone/TLD
that itself is using DNSSEC and these are almost non-existent right now
with zone maintainers unwilling to take necessary financial and other
risks associated with upgrading to fully support DNSSEC. So DLV offers
potential for individual domain owners to start using DNSSEC without
waiting for the registry operator of their domain's TLD or SLD.

This seems good to me and I'm happy ISC as a non-profit organization
is taking the initiative as I don't want the same situation as was
with domains and certificates at the end of the 1990s where profit-driven
companies were acting as a virtual monopoly in the domain business.